Deploying the BDD Management Pack

This section includes an overview of how the BDD Management Pack works. It also provides detailed instructions on setup, including configuring rules, customizing the monitoring of BDD 2007 events, and setting up reporting.

On This Page

Overview of the BDD Management Pack
Installing the Management Pack
Configuring Agent Computers to Run in Low-Privilege Scenarios

Overview of the BDD Management Pack

The BDD Management Pack monitors SMS status messages that SMS 2003 and the SMS OSD Feature Pack generate and that are reported to the SMS central site server. The Management Pack also monitors events generated directly by the BDD 2007 scripts. These events are recorded on the SMS central site servers and BDD 2007 event collection servers.

The MOM agents on these SMS central site servers and BDD 2007 event collection servers collect these events and forward them to be stored in the MOM database. For more information about how to deploy the agents on the SMS central site servers and BDD event collection servers, see “Discovering Computers and Deploying MOM Agents” in the Microsoft Operations Manager 2005 Deployment Guide at http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/36c08d59-1b67-42c9-b152-98f78b3bc608.mspx.

For more information about how to install MOM reporting, see “Deploying MOM 2005 Reporting” in the Microsoft Operations Manager 2005 Deployment Guide at http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/ea01004b-d5b4-4879-955d-6e0910a883bd.mspx.

Note   The BDD Management Pack reports require Microsoft SQL Server 2000 Reporting Services Service Pack 1 (SP1) or later to function correctly.

The process for recording BDD 2007 events that the BDD 2007 scripts create in the MOM Database, illustrated in Figure 1, is as follows:

  1. The BDD 2007 scripts identify an event that must be recorded.

  2. The BDD 2007 scripts record the event in the BDD 2007 log file stored in the shared folders on BDD 2007 event collection servers.

  3. MOM agents running on the BDD 2007 event collection servers collect the events and send them to the MOM management servers.

  4. MOM management servers record the event in the MOM Database.

  5. MOM management servers record events in the MOM data warehouse database that the reports in the Management Pack use.

Figure 1. Process for recording BDD 2007 events in the MOM Database


Note   Although Figure 1 uses ZTI for some of the names, the process illustrated is the same for ZTI and Lite Touch Installation (LTI) deployments.

The process for recording events that SMS 2003 and the SMS OSD Feature Pack create in the MOM Database, illustrated in Figure 2, is as follows:

  1. SMS 2003 or the SMS OSD Feature Pack identifies an event that must be generated.

  2. SMS 2003 or the SMS OSD Feature Pack sends the event through the SMS server hierarchy as a status message.

  3. MOM agents running on the SMS site servers collect the events and send them to the MOM management servers.

  4. MOM management servers record the event in the MOM Database.

  5. MOM management servers record events in the MOM data warehouse database that the reports in the Management Pack use.

Figure 2. Process for recording SMS-related events in the MOM Database


Installing the Management Pack

The BDD Management Pack assumes that MOM 2005 has been installed. MOM 2005 reporting must be installed to use the reports in the Management Pack.

To install the BDD Management Pack

  1. Configure the MOM 2005 Global Settings.

  2. Configure the event collection servers.

  3. Assign the appropriate permissions to the MOM action account.

  4. Copy the Management Pack files onto the MOM management servers in the MOM 2005 infrastructure.

  5. Import the Management Pack into MOM 2005.

  6. Configure Management Pack rule groups.

  7. Customize the Management Pack rules.

  8. Configure the Management Pack notification groups.

  9. Configure the CustomSettings.ini file.

Configuring the MOM 2005 Global Settings

MOM 2005 contains configuration settings that affect all MOM management servers in a management group. The Management Pack requires that team members make changes to these settings for proper operation.

The following MOM 2005 configuration settings must be modified:

  • Disable execution of custom responses on management servers. Clear this setting. The management servers must be configured to run custom responses, because the Management Pack uses custom responses to add new client computers to the MOM Database.

  • Prevent agent from proxying for other computers or network devices. Clear this setting to allow MOM agents to generate events on behalf of other computers, because the Management Pack uses this feature to generate MOM events on behalf of the client computers.

Configure these settings in the MOM 2005 Global Settings for all management servers in the management group (unless different settings are configured on individual management servers).

Note   If enabling these settings globally is undesirable, configure the settings on individual management servers or create another management group for monitoring BDD 2007 deployments.

To configure the Global Settings in MOM 2005

  1. On a computer on which the MOM Administrator console is installed, click Start, and then point to All Programs. Point to Microsoft Operations Manager 2005, and then click Administrator Console.

  2. In the console tree, expand Microsoft Operations Manager (servername) (where servername is the name of the MOM management server).

  3. In the console tree, expand Administration, right-click Global Settings, and then click Global Settings.

  4. On the Security tab, clear the Disable execution of custom responses on Management Servers check box, and then click OK.

  5. In the console tree, right-click Global Settings, and then click Agent Settings.

  6. On the Security tab, clear the Prevent agent from proxying for other computers or network devices check box, and then click OK.

Configuring the Event Collection Servers

The BDD 2007 scripts write events to a shared folder on servers known as event collection servers. Specify the event collection servers by using the EventShare parameter in the CustomSettings.ini file. The EventShare parameter specifies a Universal Naming Convention (UNC) path to a shared folder in which the BDD 2007 scripts record events.

The Generate ZTI Events and Discovery Data rule periodically collects the events from the event collection servers and creates corresponding events in the MOM Database. The Generate ZTI Events and Discovery Data rule enumerates the computers in the ZTI Event Collection Servers computer group to collect the events.

To configure the event collection servers

  1. Create the Events shared folder on the event collection servers.

  2. Configure the Events shared folder permissions.

  3. Configure the CustomSettings.ini file to use the appropriate event collection servers.

Creating the Events Shared Folder

As the first step in configuring the event collection servers, create a shared folder in which to store the events. Typically, the event collection server is the same server on which the user state migration data shared folder (MigData) and deployment logs shared folder (Logs) reside. For more information about these shared folders, see “Creating Additional Shared Folders” in the Zero Touch Installation Guide.

To create the Events shared folder

  1. Identify an existing computer or install a new computer as an event collection server.

  2. Create a C:\Events folder on the server identified in step 1, and then share the folder as Events.

Note   If the folder is created in any location other than C:\Events, modify the Generate ZTI Events and Discovery Data Management Pack rule to reference the location of the folder created.

Configuring the Events Shared Folder Permissions

After creating the Events shared folder, configure the appropriate shared folder permissions. Ensure that unauthorized users are unable to access user state migration information and the deployment logs. Only the computer creating the events should have access to these folders.

To configure the shared folder permissions

  1. In Microsoft Windows® Explorer, right-click EventsFolder (where EventsFolder is the name of the folder created earlier in the process and in which the log files reside), and then click Properties.

  2. On the Security tab, click Advanced.

  3. On the Permissions tab, clear the Allow inheritable permissions from the parent to propagate to this object and all child objects check box.

  4. When prompted to either Copy or Remove the permission entries that were previously applied from the parent, click Remove.

  5. On the Permissions tab, click Add.

  6. In the Enter the object name to select box, type Domain Computers, and then click OK.

    This action allows domain computers to create subfolders.

  7. On the Permission Entry for EventsFolder dialog box (where EventsFolder is the name of the folder created earlier in the process and in which the log files reside), in the Apply onto list, select This folder only.

  8. On the Permission Entry for EventsFolder dialog box (where EventsFolder is the name of the folder created earlier in the process and in which the log files reside), in the Permissions list, select Allow for the Create Files/Write Data permission, and then click OK.

  9. Repeat steps 5–8, substituting Domain Users for Domain Computers.

  10. On the Permissions tab, click Add.

  11. In the Enter the object name to select box, type CREATOR OWNER, and then click OK.

    This action allows domain computers and domain users to access the subfolders they create.

  12. On the Permission Entry for EventsFolder dialog box (where EventsFolder is the name of the folder created earlier in the process and in which the log files reside), in the Apply onto list, select Subfolders and files only.

  13. On the Permission Entry for EventsFolder dialog box (where EventsFolder is the name of the folder you created earlier in the process, in which the log files are stored), in the Permissions list, select Allow for the Full Control permission, and then click OK.

  14. Repeat steps 10–13 for each group to which administrative privileges will be granted.

    Note   Examples of these groups include the SMS network access account and the credentials provided in the Windows Deployment Wizard.

The permissions set in these steps allow a computer to connect to the appropriate share and create a new folder in which to store user state information or logs, respectively. The folder permissions prevent other users or computers from accessing the data stored in the folder.

Note   The default permissions on the SMS distribution point shares should provide the appropriate resource access by default.
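The following script is an added example, not part of the BDD 2007 documentation. It reads the ACL on the Events folder and reports every entry that differs from the permissions configured in steps 1–14 above. The folder path, the CONTOSO domain name, and the CONTOSO\SMSNetAccess account are placeholder assumptions.

```powershell
# Added example: audit the Events folder ACL against the layout built in steps 1-14.
# Assumptions: C:\Events, the CONTOSO domain and the admin identities are placeholders.

function Test-EventsFolderAcl {
    param(
        [string]   $Path            = 'C:\Events',
        [string]   $Domain          = 'CONTOSO',
        [string[]] $AdminIdentities = @()   # groups or accounts added in step 14
    )

    $sync     = [int][System.Security.AccessControl.FileSystemRights]::Synchronize
    $write    = [int][System.Security.AccessControl.FileSystemRights]::WriteData    # Create Files/Write Data
    $full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $writers  = @("$Domain\Domain Computers", "$Domain\Domain Users")
    $findings = @()
    $seen     = @{}

    $acl = Get-Acl -Path $Path

    # Steps 3-4: inheritance from the parent folder must be blocked.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance from the parent folder is still enabled.'
    }

    foreach ($ace in $acl.Access) {
        $id     = $ace.IdentityReference.Value
        # The ACL editor adds Synchronize to Allow entries, so set it on both sides of each comparison.
        $rights = ([int]$ace.FileSystemRights) -bor $sync
        $allow  = $ace.AccessControlType -eq 'Allow'
        $inh    = $ace.InheritanceFlags.ToString()
        $prop   = $ace.PropagationFlags.ToString()

        if ($ace.IsInherited) {
            $findings += "Inherited entry present for $id."
            continue
        }

        if ($writers -contains $id) {
            # Steps 5-9: Create Files/Write Data, applied to this folder only.
            if (-not $allow -or $rights -ne ($write -bor $sync) -or $inh -ne 'None') {
                $findings += "$id should have only Create Files/Write Data on this folder only; found $($ace.FileSystemRights) ($inh)."
            }
            $seen[$id] = $true
        }
        elseif ($id -eq 'CREATOR OWNER' -or $AdminIdentities -contains $id) {
            # Steps 10-14: Full Control, applied to subfolders and files only.
            if (-not $allow -or $rights -ne ($full -bor $sync) -or
                $inh -ne 'ContainerInherit, ObjectInherit' -or $prop -ne 'InheritOnly') {
                $findings += "$id should have Full Control on subfolders and files only; found $($ace.FileSystemRights) ($inh / $prop)."
            }
            $seen[$id] = $true
        }
        else {
            # Anything else can read or change data that the procedure intends to isolate.
            $findings += "Unexpected entry: $id ($($ace.AccessControlType) $($ace.FileSystemRights))."
        }
    }

    # Every identity named in the procedure must appear at least once.
    foreach ($expected in ($writers + 'CREATOR OWNER' + $AdminIdentities)) {
        if (-not $seen.ContainsKey($expected)) {
            $findings += "Missing entry for $expected."
        }
    }

    return $findings   # no output means the ACL matches the procedure
}

# CONTOSO\SMSNetAccess is a hypothetical SMS network access account name.
Test-EventsFolderAcl -Path 'C:\Events' -Domain 'CONTOSO' -AdminIdentities @('CONTOSO\SMSNetAccess')
```

Run the script on the event collection server after completing the procedure, and again whenever the share is moved or its parent folder permissions change.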

Configuring the CustomSettings.ini File

Modify the CustomSettings.ini file in each respective image to include the appropriate values for the EventShare property (as shown in Listing 1 and Listing 2). In the example in these listings, the [Default] section is used. However, teams could also set the EventShare property in other sections (such as [DefaultGateway]).

Listing 1. CustomSettings.ini File Before Adding the EventShare Values

[Default]
UDShare=\\NYC-AM-FIL-01\MigData
SLShare=\\NYC-AM-FIL-01\Logs
.
.
.

Listing 2. CustomSettings.ini File After Adding the EventShare Values

[Default]
UDShare=\\NYC-AM-FIL-01\MigData
SLShare=\\NYC-AM-FIL-01\Logs
EventShare=\\NYC-AM-FIL-01\Events
.
.
.

Note   For more information about adding the event collection servers to the ZTI Event Collection Servers computer group, see “Configuring the Management Pack Rule Groups” later in this document.

Assigning the Appropriate Permissions to the MOM Action Account

When MOM 2005 is installed, a MOM action account is created. MOM 2005 uses the MOM action account to run applications on and communicate with MOM-managed computers.

Assign the permissions listed in Table 4 to the MOM action account for the Management Pack to operate correctly. Assign additional permissions if the environment requires them.

Table 4. SMS Object Class Rights That Must Be Assigned to the MOM Action Account

| SMS object class | Instance | Assign this right |
|---|---|---|
| Advertisement | (All Instances) | Read |
| Collection | (All Instances) | Read |
| Package | (All Instances) | Read |
| Site | (All Instances) | Read |
| Status Message | (All Instances) | Read |

To assign the permissions listed in Table 4 to the MOM action account

  1. Start the SMS Administrator console.

  2. In the console tree, expand Site Database. Right-click Security Rights, point to All Tasks, and then click Manage SMS Users.

  3. Complete the SMS User Wizard by using the information in Tables 4 and 5.

    Table 5. Information for Completing the SMS User Wizard

    | On this wizard page | Complete these steps |
    |---|---|
    | Welcome to the SMS User Wizard | Click Next. |
    | User Name | Click Add a new user, type ActionAccount (where ActionAccount is the name of the MOM action account in the format domain\username), and then click Next. |
    | Rights | Click Add another right or modify an existing one, and then click Next. |
    | Add a Right | In the Class box, select the SMS Class listed in Table 4. In the Instance box, select (All Instances). In the Permissions section, select the Read check box. Click Next. |
    | Rights (second time) | Complete the previous two pages for each of the SMS Object Classes in Table 4. When all rights are assigned, click The listed rights are sufficient, and then click Next. |
    | Completing the SMS User Wizard | Click Finish. |

  4. Close the SMS Administrator console.

Copying the Management Pack Files onto MOM Management Servers

In preparation for importing the Management Pack into MOM 2005, copy the Management Pack and supporting files to each MOM management server that monitors the BDD 2007 deployment process.

To copy the Management Pack files onto the MOM management servers

  1. On the computer running BDD 2007, browse to InstallFolder\ManagementPack (where InstallFolder is the name of the folder in which BDD 2007 resides—the default is C:\Program Files\BDD 2007).

  2. Copy management_pack_file to C:\Program Files\Microsoft Operations Manager 2005\Management Packs on the MOM management servers (where management_pack_file is the name of the appropriate management pack). The management packs provided include:

    • Microsoft Solution Accelerator for Business Desktop Deployment.akm. Prevents modification of the text in the management pack knowledge base. (For most instances, select this file.)

    • Microsoft Solution Accelerator for Business Desktop Deployment.full.akm. Allows modification of the text in the management pack knowledge base. (Select this file to modify the knowledge base text—for example, to localize the knowledge base text to another language.)

  3. Copy ZeroTouchInstallationManagementPackReports.xml from the location in Step 1 to C:\Program Files\Microsoft Operations Manager 2005\Management Packs on the MOM management servers.

  4. Browse to InstallFolder\ManagementPack (where InstallFolder is the name of the folder in which BDD 2007 resides—the default is C:\Program Files\BDD 2007).

  5. Copy Microsoft.BDD.Monitoring.dll to C:\Program Files\Microsoft Operations Manager 2005 on the MOM management servers.

  6. From a Command Prompt window on the MOM management servers, change to the %WINDIR%\Microsoft.NET\Framework\v1.1.4322 folder.

  7. From a Command Prompt window on the MOM management servers, type gacutil /i "C:\Program Files\Microsoft Operations Manager 2005\Microsoft.BDD.Monitoring.dll", and then press ENTER.

Importing the Management Pack into MOM 2005

After copying the Management Pack and supporting files to each MOM management server, import the Management Pack into MOM 2005.

To import the Management Pack into MOM 2005

  1. On a computer running the MOM Administrator console, click Start, point to All Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.

  2. In the console tree, expand Microsoft Operations Manager (servername) (where servername is the name of the MOM management server).

  3. In the console tree, right-click Management Packs, and then click Import/Export Management Pack.

  4. Complete the Management Pack Import/Export Wizard by using the information in Table 6. Accept default values unless otherwise specified.

    Table 6. Information for Completing the Management Pack Import/Export Wizard

    | On this wizard page | Complete these steps |
    |---|---|
    | Welcome to the Management Pack Import/Export Wizard | Click Next. |
    | Import or Export Management Packs | Click Import Management Packs and/or reports. Click Next. |
    | Select a Folder and Choose Import Type | Click Browse. In the Browse for Folder dialog box, select C:\Program Files\Microsoft Operations Manager 2005\Management Packs, then click OK. Under Type of import, click Import Management Packs and reports. Click Next. |
    | Select Management Packs | In the Please select one or more Management Packs to import box, select management_pack_file (where management_pack_file is the name of the appropriate management pack). The management packs provided include Microsoft Solution Accelerator for Business Desktop Deployment.akm, which prevents modification of the text in the management pack knowledge base (for most instances, select this file), and Microsoft Solution Accelerator for Business Desktop Deployment.full.akm, which allows modification of the text in the management pack knowledge base (select this file to modify the knowledge base text, for example, to localize the knowledge base text to another language). Click Next. |
    | Select Reports | In the Please select one or more reporting files to import box, select ZeroTouchInstallationManagementPackReports.xml. Click Next. |
    | Completing the Management Pack Import/Export Wizard | Confirm the Management Pack to import. Click Finish. |

Configuring the Management Pack Rule Groups

After importing the Management Pack, configure the Management Pack rule groups to use the appropriate computer groups. Table 7 lists the Management Pack rule groups and the default computer groups configured for each rule group.

Table 7. Management Pack Rule Groups and the Computer Groups Configured for the Rule Group

| Rule group | Is configured for this computer group |
|---|---|
| SMS Central Site Servers | Microsoft SMS 2003 Central Site Servers. This computer group contains all computers running SMS 2003 that have no parent site and are managed by MOM 2005. This computer group is typically populated automatically by the MOM discovery process. |
| MOM Server | Microsoft Operations Manager 2005 Servers. This computer group includes all MOM management servers and is typically populated automatically by the MOM discovery process. |
| ZTI Event Collection Servers | Microsoft SA for BDD Event Collection Servers. This computer group includes all the servers that are repositories for the events that ZeroTouchInstallation.vbs creates. Specify these servers by setting the EventShare parameter in the CustomSettings.ini file. Manually add any server specified in the EventShare parameter to this computer group. |

Each computer group listed in Table 7 must have at least one computer for the Management Pack to function properly. If the default configuration is not appropriate, change the computer groups to which the rule groups are applied.

Note   For more information about computer groups and rule groups, see Microsoft Operations Manager 2005 Help.

The only required configuration is to manually add computers to the Microsoft SA for BDD Event Collection Servers computer group. The other computer groups are populated automatically as MOM 2005 discovers them.

To manually add computers to the Microsoft SA for BDD Event Collection Servers computer group

  1. On a computer running the MOM Administrator console, click Start, point to All Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.

  2. In the console tree, expand Microsoft Operations Manager (servername) (where servername is the name of the MOM management server).

  3. In the console tree, expand Management Packs, expand Computer Groups, right-click Microsoft SA for BDD Event Collection Servers, and then click Properties.

  4. In the Microsoft SA for BDD Event Collection Servers Properties dialog box, on the Included Computers tab, click Add.

  5. In the Add Computer dialog box, select CollectionServer (where CollectionServer is the name of the event collection server you want to add), and then click OK.

  6. In the Microsoft SA for BDD Event Collection Servers Properties dialog box, click OK.

Customizing the Management Pack Rules

The Management Pack contains rules that control how MOM 2005 processes the events collected from the client computers. Table 8 lists the Management Pack rules for customization along with a description of each rule.

Table 8. Management Pack Rules and Descriptions

| Rule | Description |
|---|---|
| Cleanup old computers | This rule controls the length of time (in days) that computers remain in the MOM Database before being removed. The default value is seven days. |
| Detect Hung Computers | This rule controls the length of time (in minutes) before a computer is identified as non-responsive. The default value is 30 minutes. |
| Generate ZTI Events and Discovery Data | This rule collects information from the logs the scripts create and creates events that MOM 2005 can record. |

In most instances, the default settings of these rules are adequate. The only rule that must be customized is Generate ZTI Events and Discovery Data, which must be configured to pass the proper path on the event collection server on which the logs reside.

Note   To customize the Management Pack rules, customize each rule listed in Table 8.

Customizing Cleanup Old Computers Rule

To customize the Cleanup old computers rule, complete these steps:

  1. On a computer running the MOM Administrator console, click Start, point to All Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.

  2. In the console tree, expand Microsoft Operations Manager (servername) (where servername is the name of the MOM management server).

  3. In the console tree, expand Management Packs, expand Rule Groups, expand Microsoft Solution Accelerator for Business Desktop Deployment, expand MOM Server, and then click Event Rules.

  4. In the details pane, right-click Cleanup old computer, and then click Properties.

  5. In the Event Rule Properties (managementgroup) – Cleanup old computer dialog box (where managementgroup is the name of the MOM management group), on the Responses tab, click Microsoft.BDDMonitoring, and then click Edit.

  6. In the Configure .NET Framework Response dialog box, in the Method parameters (in order) list, click System.Int32, and then click Edit.

  7. In the Edit Method Parameter dialog box, in Value, type cleanuptime (where cleanuptime is the length of time [in days] computers remain in the MOM Database), and then click OK.

  8. In the Configure .NET Framework Response dialog box, click OK.

  9. In the Event Rule Properties (managementgroup) – Cleanup old computer dialog box (where managementgroup is the name of the MOM management group), click OK.

Customizing Detect Hung Computers Rule

To customize the Detect Hung Computers rule, complete these steps:

  1. On a computer running the MOM Administrator console, click Start, point to All Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.

  2. In the console tree, expand Microsoft Operations Manager (servername) (where servername is the name of the MOM management server).

  3. In the console tree, expand Management Packs, expand Rule Groups, expand Microsoft Solution Accelerator for Business Desktop Deployment, expand MOM Server, and then click Event Rules.

  4. In the details pane, right-click Detect Hung Computer, and then click Properties.

  5. In the Event Rule Properties (managementgroup) – Detect Hung Computer dialog box (where managementgroup is the name of the MOM management group), on the Responses tab, click Microsoft.BDDMonitoring, and then click Edit.

  6. In the Configure .NET Framework Response dialog box, in the Method parameters (in order) list, click System.Int32, and then click Edit.

  7. In the Edit Method Parameter dialog box, in Value, type cleanuptime (where cleanuptime is the length of time [in days] computers remain in the MOM Database), and then click OK.

  8. In the Configure .NET Framework Response dialog box, click OK.

  9. In the Event Rule Properties (managementgroup) – Detect Hung Computer dialog box (where managementgroup is the name of the MOM management group), click OK.

Customizing Generate ZTI Events and Discovery Data Rule

To customize the Generate ZTI Events and Discovery Data rule, complete these steps:

  1. On a computer running the MOM Administrator console, click Start, point to All Programs, point to Microsoft Operations Manager 2005, and then click Administrator Console.

  2. In the console tree, expand Microsoft Operations Manager (servername) (where servername is the name of the MOM management server).

  3. In the console tree, expand Management Packs, expand Rule Groups, expand Microsoft Solution Accelerator for Business Desktop Deployment, expand ZTI Event Collection Servers, and then click Event Rules.

  4. In the details pane, right-click Generate ZTI Events and Discovery Data, and then click Properties.

  5. In the Event Rule Properties (managementgroup) – Generate ZTI Events and Discovery Data dialog box (where managementgroup is the name of the MOM management group), on the Responses tab, click BDD Get ZTI Events, and then click Edit.

  6. In the Launch a Script dialog box, in the Script parameters list, click FolderPath, and then click Edit Parameter.

  7. In the Edit Script Parameter dialog box, in Value, type EventsFolder (where EventsFolder is the path to the folder on the event collection server—by default, C:\Events), and then click OK.

  8. In the Launch a Script dialog box, click OK.

  9. In the Event Rule Properties (managementgroup) – Generate ZTI Events and Discovery Data dialog box (where managementgroup is the name of the MOM management group), click OK.

Configuring Notification Groups

Alerts that MOM 2005 generates are sent to notification groups. The alerts that the Management Pack generates are sent to the BDD Administrators notification group.

To configure the BDD Administrators notification group

  1. Add MOM operators to the BDD Administrators notification group.

    After installation, the BDD Administrators notification group is empty. Add the appropriate operators to the notification group.

  2. Specify the appropriate notification methods.

    Different methods exist for notifying operators of an alert (such as e-mail, pager, and running an executable file). Configure the appropriate method for each operator.

Note   For more information about configuring notification groups, see Microsoft Operations Manager 2005 Help.

Configuring the CustomSettings.ini File

Configure the OSDMP and OSDSiteCode properties in the CustomSettings.ini and the BootStrap.ini files so that the SMS OSD Feature Pack can properly report status messages in the New Computer scenario. Doing so allows the SMS OSD Feature Pack to send status messages properly from Microsoft Windows Preinstallation Environment (Windows PE).

To configure the CustomSettings.ini and BootStrap.ini to allow the SMS OSD Feature Pack to properly report status messages

  1. Open the CustomSettings.ini and BootStrap.ini files for each image to be deployed.

  2. Modify the [Default] section as referenced in the Priority property to include the following values:

    OSDMP=ServerName:80

    OSDSITECODE=SiteCode

    (where ServerName is the server name of the central site server’s management point, often the central site server itself, and SiteCode is the SMS site code of the SMS site) as illustrated in Listing 3 and Listing 4.

    Note   The examples in Listing 3 and Listing 4 illustrate the modifications to the CustomSettings.ini file. Make the same modifications to the BootStrap.ini file.

    Listing 3. [Default] Section Before Modification

    [Default]
    UDShare=\\NYC-AM-FIL-01\MigData
    SLShare=\\NYC-AM-FIL-01\Logs
    UDProfiles=**
    OSDINSTALLSILENT=1
    OSDINSTALLPACKAGE=NYC00001
    OSDINSTALLPROGRAM=InstallXP
    .
    .
    .

    Listing 4. [Default] Section After Modification

    [Default]
    UDShare=\\NYC-AM-FIL-01\MigData
    SLShare=\\NYC-AM-FIL-01\Logs
    UDProfiles=**
    OSDINSTALLSILENT=1
    OSDINSTALLPACKAGE=NYC00001
    OSDINSTALLPROGRAM=InstallXP
    OSDMP=NYC-AM-SMS-01:80
    OSDSITECODE=001
    .
    .
    .

Configuring Agent Computers to Run in Low-Privilege Scenarios

The recommended installation process configures the MOM Action Account to run with minimal permissions. For more information, see “Installing the Management Pack” earlier in this document.
